Dot not use weak ciphers.
This commit is contained in:
parent
d80a9876d2
commit
c70498d6bc
|
@ -13,7 +13,7 @@ private_key = $dir/private.key
|
||||||
RANDFILE = $dir/.rand
|
RANDFILE = $dir/.rand
|
||||||
default_days = 365
|
default_days = 365
|
||||||
default_crl_days= 365
|
default_crl_days= 365
|
||||||
default_md = md5
|
default_md = sha256
|
||||||
preserve = no
|
preserve = no
|
||||||
policy = policy_match
|
policy = policy_match
|
||||||
|
|
||||||
|
@ -26,7 +26,7 @@ commonName = supplied
|
||||||
emailAddress = supplied
|
emailAddress = supplied
|
||||||
|
|
||||||
[ req ]
|
[ req ]
|
||||||
default_bits = 1024
|
default_bits = 2048
|
||||||
distinguished_name = req_distinguished_name
|
distinguished_name = req_distinguished_name
|
||||||
|
|
||||||
[ req_distinguished_name ]
|
[ req_distinguished_name ]
|
||||||
|
|
|
@ -29,7 +29,7 @@ init() {
|
||||||
if [ ! -f $PREFIX/ca/index.txt ]; then touch $PREFIX/ca/index.txt; fi
|
if [ ! -f $PREFIX/ca/index.txt ]; then touch $PREFIX/ca/index.txt; fi
|
||||||
if [ ! -f $PREFIX/files/ca/serial ]; then echo 01 > $PREFIX/ca/serial; fi
|
if [ ! -f $PREFIX/files/ca/serial ]; then echo 01 > $PREFIX/ca/serial; fi
|
||||||
|
|
||||||
$OPENSSL dhparam -out $PREFIX/ca/dh1024.pem 1024
|
$OPENSSL dhparam -out $PREFIX/ca/dh2048.pem 2048
|
||||||
$OPENSSL genrsa -out $PREFIX/ca/private.key 2048
|
$OPENSSL genrsa -out $PREFIX/ca/private.key 2048
|
||||||
|
|
||||||
$OPENSSL req \
|
$OPENSSL req \
|
||||||
|
|
Loading…
Reference in a new issue